Why the community edition? Well, I’d like to say it’s because I’m cheap but that’s no excuse since FastNetMon Advanced has a very liberal T&E license.
It has many ways to ingest traffic including PF_RING, Netmap, SnabbSwitch, AF_PACKET, pcap, sflow, and netflow. I’ve been using AF_PACKET because I don’t have a card that is capable of PF_RING (being remedied since AF_PACKET is only good for a single interface).
Enough background though; I spent some time fiddling with it and getting a bit frustrated since it wasn’t seeing the traffic I thought it should be seeing. First I ruled out issues with it being blind to .1q encapsulation since I had been mirroring a tagged port. Then I stopped redefining variables in the configuration file (and trimmed it down to the bare necessities for my application). Whew, Success!
Mostly. Couldn’t figure out why I could see traffic I pulled with one particular test harness but not with most others. Did a lot of head scratching and running tcpdump (where I saw the traffic just fine).
Finally I found the essential clue, and not on the community edition page but rather on FastNetMon Advanced’s site:
FastNetMon Advanced has support for IPv6 protocol. You need to install FastNetMon 2.0.94 version to use features mentioned in this guide.
Gee, I wonder what percentage of my test harness setups are dual stacked (and thus prefer IPv6)… Wess guessed 90% which is about right I reckon.
Forcing the traffic to IPv4 with cUrl did the trick, from the test devices that had previously not been working.
I guess I can’t complain about lack of features in the Community Edition and I’ll be getting off my butt to get the licensed one in place, but this is something I didn’t expect to be missing.